32 CFR 505.1 - General information.

(a) Purpose. This part sets forth policies and procedures that govern personal information maintained by the Department of the Army (DA) in Privacy Act systems of records. This part also provides guidance on collecting and disseminating personal information in general. The purpose of the Army Privacy Act Program is to balance the government's need to maintain information about individuals with the right of individuals to be protected against unwarranted invasions of their privacy stemming from Federal agencies' collection, maintenance, use and disclosure of personal information about them. Additionally, this part promotes uniformity within the Army's Privacy Act Program.

(2) The Chief Attorney, Office of the Administrative Assistant to the Secretary of the Army (OAASA) will—

(i) Provide advice and assistance on legal matters arising out of, or incident to, the administration of the DA Privacy Act Program;

(ii) Serve as the legal advisor to the DA Privacy Act Review Board. This duty may be fulfilled by a designee in the Chief Attorney and Legal Services Directorate, OAASA;

(iii) Provide legal advice relating to interpretation and application of the Privacy Act of 1974; and

(iv) Serve as a member on the Defense Privacy Board Legal Committee. This duty may be fulfilled by a designee in the Chief Attorney and Legal Services Directorate, OAASA.

(3) The Judge Advocate General will serve as the Denial Authority on requests made pursuant to the Privacy Act of 1974 for access to or amendment of Army records, regardless of functional category, concerning actual or potential litigation in which the United States has an interest.

(4) The Chief, DA Freedom of Information Act and Privacy Office (FOIA/P), U.S. Army Records Management and Declassification Agency will—

(i) Develop and recommend policy;

(ii) Execute duties as the Army's Privacy Act Officer;

(iii) Promote Privacy Act awareness throughout the DA;

(iv) Serve as a voting member on the Defense Data Integrity Board and the Defense Privacy Board;

(v) Represent the Department of the Army in DOD policy meetings; and

(vi) Appoint a Privacy Act Manager who will—

(A) Administer procedures outlined in this part;

(B) Review and approve proposed new, altered, or amended Privacy Act systems of records notices and subsequently submit them to the Defense Privacy Office for coordination;

(C) Review Department of the Army Forms for compliance with the Privacy Act and this part;

(D) Ensure that reports required by the Privacy Act are provided upon request from the Defense Privacy Office;

(E) Ensure a Privacy Act Statement is provided to individuals when information is collected that will be maintained in a Privacy Act system of records, regardless of the medium used to collect the personal information (i.e., forms, personal interviews, stylized formats, telephonic interviews, or other methods);

(F) Review, biennially, recordkeeping practices to ensure compliance with the Act, paying particular attention to the maintenance of automated records. In addition, ensure cooperation with records management officials on such matters as maintenance and disposal procedures, statutory requirements, forms, and reports; and

(G) Review, biennially, Privacy Act training practices. This is to ensure all personnel are familiar with the requirements of the Act.

(6) DA Privacy Act System Managers and Developers will—

(i) Ensure that appropriate procedures and safeguards are developed, implemented, and maintained to protect an individual's personal information;

(ii) Ensure that all personnel are aware of their responsibilities for protecting personal information being collected and maintained under the Privacy Act Program;

(iii) Ensure official filing systems that retrieve records by name or other personal identifier and are maintained in a Privacy Act system of records have been published in the Federal Register as a Privacy Act system of records notice. Any official who willfully maintains a system of records without meeting the publication requirements, as prescribed by 5 U.S.C. 552a, as amended, OMB Circular A-130, 32 CFR part 310 and this part, will be subject to possible criminal penalties and/or administrative sanctions;

(iv) Prepare new, amended, or altered Privacy Act system of records notices and submit them to the DA Freedom of Information and Privacy Office for review. After appropriate coordination, the system of records notices will be submitted to the Defense Privacy Office for their review and coordination;

(v) Review, biennially, each Privacy Act system of records notice under their purview to ensure that it accurately describes the system of records;

(vi) Review, every four years, the routine use disclosures associated with each Privacy Act system of records notice in order to determine if such routine use continues to be compatible with the purpose for which the activity collected the information;

(vii) Review, every four years, each Privacy Act system of records notice for which the Secretary of the Army has promulgated exemption rules pursuant to Sections (j) or (k) of the Act. This is to ensure such exemptions are still appropriate;

(viii) Review, every year, contracts that provide for the maintenance of a Privacy Act system of records to accomplish an activity's mission. This requirement is to ensure each contract contains provisions that bind the contractor, and its employees, to the requirements of 5 U.S.C. 552a(m)(1); and

(ix) Review, if applicable, ongoing Computer Matching Agreements. The Defense Data Integrity Board approves Computer Matching Agreements for 18 months, with an option to renew for an additional year. This additional review will ensure that the requirements of the Privacy Act, Office of Management and Budget guidance, local regulations, and the requirements contained in the Matching Agreements themselves have been met.

(7) All DA personnel will—

(i) Take appropriate actions to ensure personal information contained in a Privacy Act system of records is protected so that the security and confidentiality of the information is preserved;

(ii) Not disclose any personal information contained in a Privacy Act system of records except as authorized by 5 U.S.C. 552a, DOD 5400.11-R, or other applicable laws. Personnel willfully making a prohibited disclosure are subject to possible criminal penalties and/or administrative sanctions; and

(iii) Report any unauthorized disclosures or unauthorized maintenance of new Privacy Act systems of records to the applicable activity's Privacy Act Official.

(8) Heads of Joint Service agencies or commands for which the Army is the Executive Agent or the Army otherwise provides fiscal, logistical, or administrative support, will adhere to the policies and procedures in this part.

(9) Commander, Army and Air Force Exchange Service, will supervise and execute the Privacy Program within that command pursuant to this part.

(10) Overall Government-wide responsibility for implementation of the Privacy Act is the Office of Management and Budget. The Department of Defense is responsible for implementation of the Act within the armed services. The Privacy Act also assigns specific Government-wide responsibilities to the Office of Personnel Management and the General Services Administration.

The rule will be effective on May 7, 2015 unless comments are received that would result in a contrary determination. Comments will be accepted on or before April 27, 2015.

32 CFR Part 505

Summary

The Department of the Army is amending the Army Privacy Program Regulation. Specifically, Army is reinstating exemptions that were mistakenly deleted when the Army's Privacy Program Regulation was last revised. These rules provide policies and procedures for the Army's implementation of the Privacy Act of 1974, as amended. This direct final rule makes changes to the Department of the Army's Privacy Program rules. These changes will allow the Department to exempt records from certain portions of the Privacy Act. This will improve the efficiency and effectiveness of DoD's program by preserving the exempt status of the records when the purposes underlying the exemption are valid and necessary to protect the contents of the records. This rule is being published as a direct final rule as the Department of Defense does not expect to receive any adverse comments, and so a proposed rule is unnecessary. The revisions to these rules are part of DoD's retrospective plan under Executive Order 13563 completed in August 2011. DoD's full plan can be accessed at http://www.whitehouse.gov/sites/default/files/other/2011-regulatory-action-plans/departmentofdefenseregulatoryreformplanaugust2011a.pdf.

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.
